This is a preliminary, informal review of your Information Security Management System (ISMS).
It includes checking the existence and completeness of key documentation such as:
- Your organization's information security policy
- Your Statement of Applicability (SoA)
- Your Risk Treatment Plan (RTP)
This stage serves to familiarize the auditors with your organization. It also allows you to get to know the audit team and become comfortable with the process as a whole.
The subsequent stage is a more detailed and formal compliance audit that independently tests your ISMS against the requirements specified in ISO/IEC 27001.
The auditors will seek evidence to confirm that your management system has been properly designed and implemented, and is in fact in operation (for example by confirming that a security committee or similar management body meets regularly to oversee the ISMS).
Certification audits are usually conducted by ISO/IEC 27001 Lead Auditors. Passing this stage results in the ISMS being certified as compliant with ISO/IEC 27001.